Your public key must be associated with a digitally signed certificate from a certificate authority (CA) who is designated as a trusted root CA on your server.
You can buy a signed certificate by submitting a certificate request to a certificate authority (CA) provider. The HTTP Server supports the following external CAs:
By default, the following are designated as trusted CAs on the HTTP Server:
Note: | If you are using certificate revocation lists (CRLs) for client authentication, you must purchase CA software from the IBM Registry and issue your own certificates. |